The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a Notice of Final Determination finding that a covered entity, Cignet Health of Prince George’s County, MD (Cignet), violated the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHS has imposed a civil money penalty (CMP) of $4.3 million for the violations, representing the first CMP issued by the Department for violations of the HIPAA Privacy Rule. The CMP is based on the violation categories and increased penalty amounts authorized by Section 13410(d) of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

“Today the message is loud and clear: HHS is serious about enforcing individual rights guaranteed by the HIPAA Privacy Rule and ensuring provider cooperation with our enforcement efforts,” said OCR Director Georgina Verdugo.

In a Notice of Proposed Determination issued October 20, 2010 (NPD), OCR found that Cignet violated 41 patients’ rights by denying them access to their medical records.

Here’s the full articlehttps://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/cignet-health/index.html